/* Copyright 2014 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Secure non-volatile storage routines
 *
 * Declares the accessors for the three secure storage spaces vboot uses:
 * the firmware space, the kernel space and the firmware management
 * parameters (FWMP) space. Each space has an init routine that verifies the
 * stored CRC, and get/set routines that are only valid after that init has
 * succeeded. The storage layout itself is not visible in this header.
 */

#ifndef VBOOT_REFERENCE_2SECDATA_H_
#define VBOOT_REFERENCE_2SECDATA_H_

#include "2api.h"

/*****************************************************************************/
/* Firmware secure storage space */

/* Which param to get/set for vb2_secdata_firmware_get/set() */
enum vb2_secdata_firmware_param {
	/* Flags; see vb2_secdata_firmware_flags */
	VB2_SECDATA_FIRMWARE_FLAGS = 0,

	/* Firmware versions (packed encoding is not defined in this header) */
	VB2_SECDATA_FIRMWARE_VERSIONS,
};

/* Flags for firmware space (bitmask stored under VB2_SECDATA_FIRMWARE_FLAGS) */
enum vb2_secdata_firmware_flags {
	/*
	 * Last boot was developer mode. TPM ownership is cleared when
	 * transitioning to/from developer mode. Set/cleared by
	 * vb2_check_dev_switch().
	 */
	VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER = (1 << 0),

	/*
	 * Virtual developer mode switch is on. Set/cleared by the
	 * keyboard-controlled dev screens in recovery mode. Cleared by
	 * vb2_check_dev_switch().
	 */
	VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE = (1 << 1),
};

/**
 * Initialize firmware secure storage context and verify its CRC.
 *
 * This must be called before vb2_secdata_firmware_get/set().
 *
 * @param ctx		Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
vb2_error_t vb2_secdata_firmware_init(struct vb2_context *ctx);

/**
 * Read a firmware secure storage value.
 *
 * Valid only after vb2_secdata_firmware_init() returned VB2_SUCCESS; this
 * header does not state what happens if it is called earlier.
 *
 * @param ctx		Context pointer
 * @param param		Parameter to read
 * @return Requested parameter value
 */
uint32_t vb2_secdata_firmware_get(struct vb2_context *ctx,
				  enum vb2_secdata_firmware_param param);

/**
 * Write a firmware secure storage value.
 *
 * Valid only after vb2_secdata_firmware_init() returned VB2_SUCCESS. Whether
 * the write is committed to the backing store here or deferred to a later
 * flush is not specified in this header.
 *
 * @param ctx		Context pointer
 * @param param		Parameter to write
 * @param value		New value
 */
void vb2_secdata_firmware_set(struct vb2_context *ctx,
			      enum vb2_secdata_firmware_param param,
			      uint32_t value);

/*****************************************************************************/
/* Kernel secure storage space
 *
 * These are separate functions so that they don't bloat the size of the early
 * boot code which uses the firmware version space functions.
 */

/* Which param to get/set for vb2_secdata_kernel_get/set() */
enum vb2_secdata_kernel_param {
	/* Kernel versions (packed encoding is not defined in this header) */
	VB2_SECDATA_KERNEL_VERSIONS = 0,

	/* Flags; see vb2_secdata_kernel_flags */
	VB2_SECDATA_KERNEL_FLAGS,
};

/* Flags for kernel space (bitmask stored under VB2_SECDATA_KERNEL_FLAGS) */
enum vb2_secdata_kernel_flags {
	/*
	 * Phone recovery functionality is disabled.
	 *
	 * Deprecated with CL:3718621. The bit position is kept reserved so
	 * that existing stored values keep their meaning.
	 */
	VB2_SECDATA_KERNEL_DEPRECATED_FLAG_PHONE_RECOVERY_DISABLED = (1 << 0),

	/*
	 * Phone recovery instructions in recovery UI are disabled.
	 *
	 * Deprecated with CL:3718621. Bit position reserved, as above.
	 */
	VB2_SECDATA_KERNEL_DEPRECATED_FLAG_PHONE_RECOVERY_UI_DISABLED = (1 << 1),

	/*
	 * Diagnostic UI is disabled. This includes both hiding the entry
	 * point on the recovery UI menu ("Launch diagnostics"), and
	 * disallowing the user from booting into the diagnostic UI.
	 */
	VB2_SECDATA_KERNEL_FLAG_DIAGNOSTIC_UI_DISABLED = (1 << 2),

	/*
	 * Allow HW acceleration for crypto.
	 *
	 * RW firmware currently sets this flag to enable HW acceleration
	 * for crypto. Verstage uses the HW implementation for RSA/SHA
	 * only when this flag is set.
	 *
	 * Note: A flag in the FW preamble was used for this before. The
	 * FW preamble is checked by verstage, so the effect was immediate.
	 * With the secure storage flag, the change has to be made in the RW
	 * stage, which runs after verstage. So even if the flag is cleared,
	 * the first boot WILL still use hwcrypto; the RW stage then runs,
	 * clears the flag, and hwcrypto is disabled from the next boot on.
	 */
	VB2_SECDATA_KERNEL_FLAG_HWCRYPTO_ALLOWED = (1 << 3),
};

/**
 * Initialize kernel secure storage context and verify its CRC.
 *
 * This must be called before vb2_secdata_kernel_get/set().
 *
 * @param ctx		Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx);

/**
 * Read a kernel secure storage value.
 *
 * Valid only after vb2_secdata_kernel_init() returned VB2_SUCCESS; this
 * header does not state what happens if it is called earlier.
 *
 * @param ctx		Context pointer
 * @param param		Parameter to read
 * @return Requested parameter value
 */
uint32_t vb2_secdata_kernel_get(struct vb2_context *ctx,
				enum vb2_secdata_kernel_param param);

/**
 * Write a kernel secure storage value.
 *
 * Valid only after vb2_secdata_kernel_init() returned VB2_SUCCESS.
 *
 * @param ctx		Context pointer
 * @param param		Parameter to write
 * @param value		New value
 */
void vb2_secdata_kernel_set(struct vb2_context *ctx,
			    enum vb2_secdata_kernel_param param,
			    uint32_t value);

/**
 * Get ec_hash from kernel secure storage.
 *
 * The returned pointer is read-only and refers to storage owned by the
 * context; the caller must not free it. Callers must check for NULL before
 * dereferencing. The hash length is not stated here; the matching setter
 * takes a 32-byte SHA-256 digest.
 *
 * @param ctx		Context pointer
 * @return Buffer where hash is stored or NULL on error.
 */
const uint8_t *vb2_secdata_kernel_get_ec_hash(struct vb2_context *ctx);

/**
 * Set ec_hash in kernel secure storage.
 *
 * @param ctx		Context pointer
 * @param sha256	Hash to be set. 32 bytes. The caller keeps ownership of
 *			the buffer; the header does not say whether it is
 *			copied or referenced — confirm against the
 *			implementation before passing a transient buffer.
 */
void vb2_secdata_kernel_set_ec_hash(struct vb2_context *ctx,
				    const uint8_t *sha256);

/*****************************************************************************/
/* Firmware management parameters (FWMP) space */

/*
 * Flags for FWMP space.
 *
 * Only the CCD flag is described in this header. The names suggest each
 * bit gates a developer-mode policy; how each one is enforced lives in the
 * callers of vb2_secdata_fwmp_get_flag(), not here.
 */
enum vb2_secdata_fwmp_flags {
	VB2_SECDATA_FWMP_DEV_DISABLE_BOOT = (1 << 0),
	VB2_SECDATA_FWMP_DEV_DISABLE_RECOVERY = (1 << 1),
	VB2_SECDATA_FWMP_DEV_ENABLE_EXTERNAL = (1 << 2),
	VB2_SECDATA_FWMP_DEV_ENABLE_ALTFW = (1 << 3),
	VB2_SECDATA_FWMP_DEV_ENABLE_OFFICIAL_ONLY = (1 << 4),
	VB2_SECDATA_FWMP_DEV_USE_KEY_HASH = (1 << 5),
	/* CCD = case-closed debugging on GSC; flag implemented on GSC */
	VB2_SECDATA_FWMP_DEV_DISABLE_CCD_UNLOCK = (1 << 6),
	VB2_SECDATA_FWMP_DEV_FIPS_MODE = (1 << 7),
};

/**
 * Initialize FWMP secure storage context and verify its CRC.
 *
 * This must be called before vb2_secdata_fwmp_get_flag/get_dev_key_hash().
 *
 * @param ctx		Context pointer
 * @return VB2_SUCCESS, or non-zero error code if error.
 */
vb2_error_t vb2_secdata_fwmp_init(struct vb2_context *ctx);

/**
 * Read a FWMP secure storage flag value.
 *
 * It is unsupported to call this before vb2_secdata_fwmp_init() has run
 * successfully. In that case, vboot will fail and exit.
 *
 * @param ctx		Context pointer
 * @param flag		Flag to read
 * @return current flag value (0 or 1)
 */
int vb2_secdata_fwmp_get_flag(struct vb2_context *ctx,
			      enum vb2_secdata_fwmp_flags flag);

/**
 * Return a pointer to FWMP dev key hash.
 *
 * Unlike vb2_secdata_kernel_get_ec_hash(), this returns a writable pointer
 * into the FWMP data; callers are expected to treat it as read-only. The
 * field length and the behaviour when init has not succeeded are not stated
 * in this header — confirm against the implementation.
 *
 * @param ctx		Context pointer
 * @return uint8_t pointer to dev_key_hash field
 */
uint8_t *vb2_secdata_fwmp_get_dev_key_hash(struct vb2_context *ctx);

#endif  /* VBOOT_REFERENCE_2SECDATA_H_ */